Privacy Policy

Following the acquisition of City Discovery by VELTRA Corporation in February 2016, the decision has been made to close the City Discovery brand and consolidate its operations.

VELTRA will continue to serve travelers the best tours, activities and transfers worldwide through its website: www.veltra.com.

Previous bookings with City Discovery will be organized as normal.

We want to express our sincerest gratitude to our loyal customers who have been with us in the last 15 years. We value your patronage and hope you will book again with us through VELTRA (www.veltra.com).

Privacy Policy

We (hereinafter referred to as the "Company") collect personal data from our tour booking websites. The protection of personal data is very important to us in ensuring safe and convenient booking through our websites. We handle personal data in compliance with the following regulations.

When the Company Collects Personal data

The Company collects personal data from its customers with their consent, when it is required by law, to the extent necessary to accomplish the purposes of use of the Company.

When the Company Uses Personal data

The Company uses personal data collected from its customers only for the purposes of use prescribed by the Company.

How the Company Saves and Stores Personal data

The Company saves and stores personal data, taking security of system into account in order to prevent leakage of the information collected from its customers.

Deletion and Erasure of Personal data

The Company retains customers' personal data for as long as is required to achieve the purposes and to fulfill the activities as set out in this Privacy Policy, otherwise communicated to the customers or for as long as is permitted by applicable law. The Company deletes or erases personal data that is no longer needed for the purposes and will fulfill the activities as set out in this Privacy Policy without any delay after the reasonable period of time.

Response to Inquiries from Customers

The Company accommodates requests from its customers for notification of the purposes of use, disclosure, correction, addition, removal, cessation of use, erasure, suspension of provision to third parties of Retained Personal Data in compliance with applicable laws.

Safety Control Measures etc.

The Company will educate all staff engaged in VELTRA service operations about the importance of protecting personal data, and will take necessary and appropriate measures to ensure the safety control of personal data.

Personal data the Company Collects and the Purposes of Use

The Company collects personal data including address, name, birthday, contacts, e-mail address and passport number of customers and uses it. The Company will not collect Special-Care Required personal data without obtaining consent from its customers. In case where the purposes of use of personal data have not been published when the information is collected from customers, the Company will give notices of such purposes of use to the customers or make such purposes public. The Company will not collect personal data from children under 13 years old without obtaining consent from their parents and/or guardians. The Company assumes that the customers providing personal data of those who are under 13 years old bear consent from their parents and/or guardians. In case where the Company becomes aware of no such consent existing, the Company will use the personal data only for the purposes of contacting the parents and/or guardians or actions related to such purpose.
The provision of the above personal data, where requested, is necessary for the adequate performance of the contract between its customers and the Company and to allow the Company to comply with the Company's legal obligations. Without it, the Company may not be able to provide customers with all the requested services.

Use of VELTRA service (including membership registration etc.)

The Company shares personal data of its customers within the VELTRA group companies in order to offer VELTRA services.
On the legal basis of fulfilling a contract or take steps linked to a contract.

Booking and joining optional tours

Items to be collected
The Company collects information including name, payment information, passport number and also health information such as health status and history of disease from participants of optional tours upon booking application submitted by the customers.
Specific purposes of use
The Company collects personal data from its customers and uses them for purposes such as confirmation of eligibility for participation of optional tours and health status of customers (depending on the contents of tours), offering support before and after their participation (including emergency communications) and payment of optional tour costs and fees. In order to achieve such purposes, the Company provides the personal data of customers to such involved parties such as optional tour organizers, transportation facilities and price settlement substituting traders (including parties operating their businesses in foreign countries).
On the legal basis of fulfilling a contract, or take steps linked to a contract.

Provision of useful information including e-mail newsletters to the customers

On the legal basis of where customers give their consent

Advertisement through and advertising platforms

On the legal basis of where customers give their consent

Calling for answers to questionnaire

On the legal basis of pursuing the Company's legitimate interest (i.e. improving the Company's Website, its features and the Company's products and services).

Adding mileage points etc. conferred by affiliate service providers to the customers

Items to be collected
Mileage number and membership number assigned by affiliate service providers that are the Company's alliance partners, and information of available tours etc.

Specific purposes of use
Adding mileage and other kinds of points conferred to the customers by affiliate service providers that are the Company's alliance partners

On the legal basis of pursuing the fulfilling a contract, or take steps linked to a contract.

Detecting improper use of credit cards etc.

On the legal basis of pursuing the Company's legitimate interest (i.e. ensuring the security of customers' credit cards)

To fulfill the service, contact, inform the status of purchases and communicate updates about the Company's products and services with the Company's partners, affiliates, travel agents.

On the legal basis of fulfilling a contract and make business with them.

Provision of Personal Data to Third Parties

The Company will not provide Personal Data to third parties except for the following situations.

When customers give prior consent to the Company for the provision of personal data to third parties (including travel agencies, social media service providers and advertisement delivery service companies conducting their business in foreign countries) by means of agreeing with this privacy policy or others.

When the company entrusts third parties with handling Personal Data to the extent necessary to accomplish the above-mentioned purposes.

When the Company is required to do so by laws and regulations.

When it is necessary for the protection of the life, body or property of a person, and it is difficult to obtain the consent of the customer.

When it is especially necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the customer.

When the data is needed by the national or local government in executing the affair prescribed by laws and regulations, and obtaining consent from the customers likely to impede the execution of such affairs.

Entrustment of Handling of Personal Data

When the company entrusts third parties with handling of personal data of its customers within the extent required for the achievement of the purposes of use of the Company according to the provisions in the preceding paragraph, the company will take necessary and appropriate measures regarding supervision of the entrustees. When the entrustee re-entrusts its operations to another party, the Company will, directly or indirectly, supervise whether the entrustee takes necessary and appropriate measures to supervise the party. The same will be applied to further entrustment.

Collection of Cookies Information

Cookies

Cookies are data stored in the user's hard disk which includes information about the customers (users). The Company shall not use Cookies to identify an individual. The Company uses session Cookies, which is to be deleted when the browser is closed. The Company uses Cookies for purposes such as improving its services, measuring the effects of customization and advertisements of its websites. Additionally, the Company identifies items of higher interest degree of customers by performing statistic processing on Cookies and makes good use of the results. Also, the Company applies it in the prevention of unauthorized access to its websites. Cookies can be invalid upon the customer's request, but the customer will no longer be able to book on VELTRA once Cookies has been disabled.

Logfile

The Company collects certain information automatically and keeps it in a log file. The certain information includes IP (Internet Protocol) address, kind of browser, ISP(Internet Service Provider), web pages that are seen or closed, operating system and time stamp. The Company uses the information in order to detect unauthorized access to its websites. The Company also conducts trend analysis of its customers to manage its websites and track user behavior. However, the Company uses the information while making it impossible to identify an individual, and never uses obtained information for the purposes other than as described above.

Web Beacon

The company uses web beacon for traffic analysis and affiliate programs. The Company never uses web beacon for the purposes other than as described above or in order to identify an individual.

Statistical analysis

The Company grasps which sites or services are popular among its customers and keeps a record of pages seen by the customers, by using an analysis tool for third party access. The Company uses the data in order to provide the customers who have shown interests in specific fields with suitable contents and advertisements on VELTRA website. The Company also collects statistical information that does not identify an individual. Furthermore, the Cookie information collected by the Company and another company may be available for inspection between the two parties on the analysis tool for third party access.

Security Control Measures for Personal Data

The Company takes systematic, technical and physical security control measures to prevent leakage, plagiarism, misuse, unauthorized access, falsification or destruction of Personal Data. The Company also limits access to the server in which it stores Personal Data only to specific employees who have ID and password, and especially for certain Personal Data, the Company minimizes the number of employees who have access rights to manage it. Additionally, the Company distributes the Personal Data which contains credit card information in several data centers, and keeps in secure environments. Furthermore, the Company introduces Secure Sockets Layer（SSL）into all its webpages related to transactions. Using SSL-capable browsers enables the maintenance of confidentiality of Personal Data and credit card information transmitted online.
The employees who handle customer Personal Data use monitors with a password-secure screen saver function when they do not use the devices. The Company conducts education and training about the importance of protecting personal data every 6 months on a company-wide basis, but once a month in some departments, and does the minutes of such education.

What are the customers' data protection rights and how can customers exercise them ?

Under the General Regulation (EU) 2016/679, of 27 April 2016, on Data Protection (GDPR), the following rights are recognized in relation to the processing of customer personal data:

Right of access

To receive confirmation of the existence of customer personal data, access its content and obtain a copy.

Right of rectification

To update, rectify and/or correct customer personal data.

Right to erasure/right to be forgotten and right to restriction

To request the erasure of customer data or the restriction of customer data which has been processed in violation of the law, including cases when the storage of which is unnecessary in relation to the purposes for which the data was collected or otherwise processed; where the Company has made customers' personal data public, customers also have the right to request the erasure of customers' personal data and to take reasonable steps, including technical measures, to inform other data controllers which are processing the personal data that customers have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Right to data portability

To receive a copy of customer personal data provided to the Company for a contract or with customers' consent in a structured, commonly used and machine-readable format (e.g. data relating to customers' purchases) and to ask the Company to transfer that personal data to another data controller.

Right to withdraw your consent

Wherever the Company relies on customers' consent, customers will always be able to withdraw that consent, although the Company may have other legal grounds for processing personal data for other purposes.

Right to object, at any time

Customers have the right to object to the processing of personal data at any time in some circumstances (in particular, where the Company doesn't have to process the data to meet a contractual or other legal requirement, or where the Company is using personal data for direct marketing).

Customer rights in relation to your personal data might be limited in some situations. For example, if fulfilling the customer's request would reveal personal data about another person or if the Company has a legal requirement or a compelling legitimate ground, the Company may continue to process customers' personal data which customers have asked the Company to delete.

Customers may also have the right to make a complaint if the customers feel their personal data have been mishandled. The Company encourages customers to come to the Company in the first instance but, to the extent that this right applies to customers, customers are entitled to complain directly to the relevant Data Protection Supervisory Authority.

International transfer of customers data

Customers' personal data are processed in at the Data Controller's registered office and at the offices of other entities to which data may be provided in order to provide the services requested of the Data Controller.

Given the fact that the Company is an international travel agency, the Company also transfers customers' personal data to:

non-European Economic Area (EEA) countries offering an adequate level of data protection in accordance with the "Adequacy decisions" of the EU Commission that recognizes some countries as providing adequate protection;
non-European Economic Area countries where data protection laws may be less protective than the legislation in the EEA. This happens when:
The Company discloses customer data to involved companies such as operational tour organizers, travel agencies, transportation facilities, price settlement substituting traders, insurance companies etc. that might process your data outside the EEA in order to provide you with the requested services.
We disclose customers' data to social media service providers, advertisement delivery service companies that might be located in a country outside the EEA. When such a transfer happens, the Company ensures that it takes place in accordance with this privacy policy and is regulated by standard contractual clauses approved by the European Commission as ensuring adequate protection for data subjects.

Request for Disclosure, Correction, and Suspension of Use etc.

The Company accommodates requests from its customers for notification of the purposes of use, disclosure, correction, addition and removal, cessation of use or erasure and suspension of provision to third parties of Personal Data (hereinafter referred as to "Disclosure etc.") through the contact center written in 9 below. The Company also deals with the requests for modification of membership information and unsubscription from the newsletter on "My-Pages" of customers.

External Links

The VELTRA website contains external links. This privacy policy only applies to information connected through the VELTRA website. The Company does not take any responsibility for privacy policies or contents of privacy policies of other websites. The Company kindly asks its customers to read the privacy policies of each website represented by the links, and confirm how personal data of customers will be handled.

Changing of Privacy Policy

The Company uploads its privacy policy on the VELTRA website, and always makes it known to its customers which personal data the Company collects for which purposes and how it is used. The Company also announces any changes made in its privacy policy to its customers by publishing it on the VELTRA website.

Contacts

If you have any questions about the Company's privacy policy, its efforts to protect personal data, collection and use of personal data of customers or any request for Disclosure etc., please contact us using the inquiry form below. We will respond to you within 5 business days.
VELTRA Corporation
Yaesu Center Bldg. 2F, 1-6-6 Yaesu, Chuo, Tokyo